TLS Cryptography In-Depth

You're reading from TLS Cryptography In-Depth: Explore the intricacies of modern cryptography and the inner workings of TLS

Product type: Paperback
Published in: Jan 2024
Publisher: Packt
ISBN-13: 9781804611951
Length: 712 pages
Edition: 1st Edition
Authors (2): Dr. Roland Schmitz, Dr. Paul Duplys
5.2 Authorization and authenticated key establishment

In computer security, the main purpose of entity authentication is to control access to an asset or a resource, say a money withdrawal from an ATM, a file on the disk, or an administrative interface of a web application. This is because access rights – what a user is allowed to do and what not – are typically tied to the user’s identity. The property of computing resources being available only to authorized entities is called authorization [173] – another important security objective that relies heavily on entity authentication.

Entity authentication is also necessary to establish a secure channel. If Alice wants to securely communicate with Bob, she not only needs to protect the messages transmitted between her and Bob over an insecure communication channel but also ensure that she is indeed talking to Bob. As illustrated in Figure 5.2, if Eve can impersonate Bob, all security would be lost even if the messages themselves can neither be decrypted nor manipulated. For this reason, entity authentication is typically an integral part of key establishment protocols.

While key exchange without entity authentication (so-called anonymous key exchange) is possible in principle, it has the huge drawback that you cannot be sure about who you have exchanged the key with. On the other hand, you can certainly do entity authentication without key exchange (the authentication process at the ATM is an example of this), but there is a certain danger that the connection is hijacked after the authentication, meaning an attacker replaces Alice without Bob noticing. Both attacks can be avoided if Alice and Bob agree on a shared (and authenticated) key as part of the authentication protocol.

A protocol that provides key authentication is called authenticated key establishment. Key authentication guarantees that only specifically identified parties get hold of the secret key established during a key exchange. In other words, if Alice and Bob perform an authenticated key establishment, Alice is assured that no one except Bob can learn that secret key. This implies that Bob needs to authenticate himself to Alice. If Bob also needs assurance that only Alice can gain access to the secret key, this can be done by performing an authenticated key exchange with mutual authentication.

Related to key authentication, key confirmation is the assurance that the other communicating party is in possession of a particular secret key. As an example, if Alice and Bob have previously established a secret key k, then, later on, Bob can perform key confirmation to reassure himself that Alice is still in possession of k.

To perform key confirmation, Bob would typically send Alice a message containing (mathematical) evidence that Bob is indeed in possession of key k. There are several ways that Bob can demonstrate this. As an example, Bob can either compute a one-way hash of k, use k in a keyed hash function, or encrypt known plaintext using k.

Alternatively, Bob can use a so-called zero-knowledge proof. Zero-knowledge proofs can be used to demonstrate the possession of a key without leaking any additional information about its value.

By combining key authentication and key confirmation, Alice and Bob achieve explicit key authentication. With explicit key authentication in place, Alice can verify that Bob actually possesses key k (and vice versa).
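
The keyed-hash option for key confirmation, run in both directions, can be sketched as follows. This is an added example, not code from the book: the fresh nonces, the role labels, the choice of HMAC-SHA256 and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Role labels are an assumption of this example: binding the tag to the
# sender's role stops a tag from being reflected back to its originator.
LABEL_BOB = b"key-confirmation:bob"
LABEL_ALICE = b"key-confirmation:alice"


def new_challenge() -> bytes:
    """Fresh random nonce so an old confirmation tag cannot be replayed."""
    return secrets.token_bytes(16)


def confirmation_tag(k: bytes, label: bytes, nonce: bytes) -> bytes:
    """Evidence of possessing k: HMAC-SHA256 keyed with k over label || nonce."""
    return hmac.new(k, label + nonce, hashlib.sha256).digest()


def verify_confirmation(k: bytes, label: bytes, nonce: bytes, tag: bytes) -> bool:
    """Recompute the tag with our own copy of k and compare in constant time."""
    return hmac.compare_digest(confirmation_tag(k, label, nonce), tag)


def run_exchange(k_alice: bytes, k_bob: bytes) -> tuple[bool, bool]:
    """Mutual key confirmation; returns (Alice accepts Bob, Bob accepts Alice)."""
    nonce_a = new_challenge()  # challenge sent Alice -> Bob
    nonce_b = new_challenge()  # challenge sent Bob -> Alice
    tag_bob = confirmation_tag(k_bob, LABEL_BOB, nonce_a)        # Bob -> Alice
    tag_alice = confirmation_tag(k_alice, LABEL_ALICE, nonce_b)  # Alice -> Bob
    alice_ok = verify_confirmation(k_alice, LABEL_BOB, nonce_a, tag_bob)
    bob_ok = verify_confirmation(k_bob, LABEL_ALICE, nonce_b, tag_alice)
    return alice_ok, bob_ok


if __name__ == "__main__":
    k = secrets.token_bytes(32)  # constructed sample key
    print(run_exchange(k, k))                        # both sides hold k
    print(run_exchange(k, secrets.token_bytes(32)))  # keys differ
```

A bare one-way hash of k is the same value on every run, so anyone who has seen it once can present it again; the per-run nonce is what ties each tag to the current exchange.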
